[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)

Rowland Penny rpenny at samba.org
Sat Jan 18 09:49:28 UTC 2025


On Fri, 17 Jan 2025 22:55:59 +0100
Carlos Alberto Balseiro Mayi via samba <samba at lists.samba.org> wrote:

> 
> 
> testparm -s output:
> 
> > Load smb config files from /etc/smb4.conf
> > Loaded services file OK.
> > Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility 
> > fallback)
> > 
> > Server role: ROLE_STANDALONE
> > 
> > # Global parameters
> > [global]
> > bind interfaces only = Yes
> > disable spoolss = Yes
> > dns proxy = No
> > load printers = No
> > logging = file
> > map to guest = Bad User
> > max log size = 5120
> > passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
> > printcap name = /dev/null
> > registry shares = Yes
> > server multi channel support = No
> > server string = TrueNAS Server
> > winbind request timeout = 2
> > workgroup = CORUSCANT
> > idmap config * : range = 90000001 - 100000000
> > fruit:zero_file_id = False
> > fruit:nfs_aces = False
> > idmap config * : backend = tdb
> > create mask = 0664
> > directory mask = 0775
> > kernel oplocks = Yes
> > 
> > (REMOVED INFO FROM SHARES NOT INVOLVED IN THIS)
> > 
> > [descargas]
> > ea support = No
> > guest ok = Yes
> > path = /mnt/NAS/descargas
> > read only = No
> > smbd max xattr size = 2097152
> > vfs objects = streams_xattr shadow_copy_zfs ixnas zfs_core io_uring
> > tn:vuid =
> > fruit:time machine max size = 0
> > fruit:time machine = False
> > nfs4:chown = True
> > tn:home = False
> > tn:path_suffix =
> > tn:purpose = MULTI_PROTOCOL_NFS
> 
> Audit bad user:
> 
> > Logon ID: '0'
> > Logon Type: 3
> > Local Address: ipv4:192.168.1.4:445
> > Remote Address: ipv4:192.168.1.100:55186
> > Service Description: SMB2
> > Auth Description: Null
> > Client Domain: ''
> > Client Account: badusertest
> > Workstation: ''
> > Became Account: Null
> > Became Domain: Null
> > Became Sid: Null
> > Mapped Account: badusertest
> > Mapped Domain: ''
> > Netlogon Computer: Null
> > Netlogon Trust Account: Null
> > Netlogon Negotiate Flags: '0x00000000'
> > Netlogon Secure Channel Type: 0
> > Netlogon Trust Account Sid: Null
> > Password Type: NTLMv2
> > Client Policy Access Check: Null
> > Server Policy Access Check: Null
> > Vers:
> > Major: 0
> > Minor: 1
> > Result:
> > Type: NTSTATUS
> > Value Raw: 3221225572
> > Value Parsed: NT_STATUS_NO_SUCH_USER
> 
> smbstatus bad user:
> 
> > Samba version 4.20.5-truenas
> > PID     Username     Group        Machine
> > Protocol Version  Encryption           Signing
> > ----------------------------------------------------------------------------------------------------------------------------------------
> > 193273  nobody       nogroup      192.168.1.100 
> > (ipv4:192.168.1.100:55188)  SMB3_11           -                    -
> > 102411  nobody       nogroup      192.168.1.10 
> > (ipv4:192.168.1.10:47964)    SMB3_11           -
> > -
> > 
> > Service      pid     Machine       Connected at                     
> > Encryption   Signing
> > ---------------------------------------------------------------------------------------------
> > IPC$         102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET
> > - -
> > descargas    193273  192.168.1.100 Fri Jan 17 21:56:27 2025 CET
> > - -
> > Carpetas Personales 102411  192.168.1.10  Fri Jan 17 18:53:13 2025
> > CET  
> >    -            -
> > IPC$         193273  192.168.1.100 Fri Jan 17 21:56:27 2025 CET
> > - -
> > 
> > Locked files:
> > Pid          User(ID)   DenyMode   Access      R/W        Oplock
> > SharePath   Name   Time
> > --------------------------------------------------------------------------------------------------
> > 193273       65534      DENY_NONE  0x12019f    RDWR       BATCH
> > /mnt/NAS/descargas   MiSTer/games/AO486/media/another world/another 
> > world.vhd   Fri Jan 17 21:58:04 2025
> 
> Audit sec=none :
> 
> > Logon ID: '0'
> > Logon Type: 3
> > Local Address: ipv4:192.168.1.4:445
> > Remote Address: ipv4:192.168.1.100:43240
> > Service Description: SMB2
> > Auth Description: Null
> > Client Domain: ''
> > Client Account: ''
> > Workstation: ''
> > Became Account: nobody
> > Became Domain: TRUENAS
> > Became Sid: S-1-5-21-2028966449-1147323095-3560797536-501
> > Mapped Account: ''
> > Mapped Domain: ''
> > Netlogon Computer: Null
> > Netlogon Trust Account: Null
> > Netlogon Negotiate Flags: '0x00000000'
> > Netlogon Secure Channel Type: 0
> > Netlogon Trust Account Sid: Null
> > Password Type: No-Password
> > Client Policy Access Check: Null
> > Server Policy Access Check: Null
> > Vers:
> > Major: 0
> > Minor: 1
> > Result:
> > Type: NTSTATUS
> > Value Raw: 0
> > Value Parsed: SUCCESS
> 
> smbstatus sec=none:
> 
> > Samba version 4.20.5-truenas
> > PID     Username     Group        Machine
> > Protocol Version  Encryption           Signing
> > ----------------------------------------------------------------------------------------------------------------------------------------
> > 102411  nobody       nogroup      192.168.1.10 
> > (ipv4:192.168.1.10:47964)    SMB3_11           -
> > - 187450  nobody       nogroup      192.168.1.100 
> > (ipv4:192.168.1.100:43240)  SMB3_11           -                    -
> > 
> > Service      pid     Machine       Connected at                     
> > Encryption   Signing
> > ---------------------------------------------------------------------------------------------
> > IPC$         102411  192.168.1.10  Fri Jan 17 18:53:13 2025 CET
> > - -
> > IPC$         187450  192.168.1.100 Fri Jan 17 21:44:41 2025 CET
> > - -
> > Carpetas Personales 102411  192.168.1.10  Fri Jan 17 18:53:13 2025
> > CET  
> >    -            -
> > descargas    187450  192.168.1.100 Fri Jan 17 21:44:41 2025 CET
> > - -
> > 
> > No locked files
> 
> Best Regards,
> 
> Carlos A. Balseiro

I think I see what is happening here, but I need to see the commands
you are using to connect to the share (where you are using 'sec=') to
confirm or deny my thinking.

Rowland



More information about the samba mailing list